The Unofficial VCAP / VCP VMware Study Guide

4,773 views
4,653 views

Published on

Veeam® is happy to provide the VMware community with new, unofficial study guides prepared by VMware certified professionals Jason Langer and Josh Coen.

Free VCP5-DCV Study Guide
In this 136-page study guide Jason and Josh cover all seven of the exam blueprint sections to help prepare you for the VCP exam.

Free VCAP5-DCA Study Guide
For those currently holding their VCP certification and want to take it up a notch, Jason and Josh have you covered with the 248-page VCAP5-DCA study guide. Using this study guide along with hands-on lab time will help you in the three and a half hours, lab-based VCAP5-DCA exam.

Published in: Technology
0 Comments
7 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,773
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
270
Comments
0
Likes
7
Embeds 0
No embeds

No notes for slide

The Unofficial VCAP / VCP VMware Study Guide

  1. 1. THE UNOFFICIAL OFFICIAL VCAP5-DCA STUDY GUIDE By Jason Langer and Josh Coen This print version is brought to you by: HTTP://WWW.VIRTUALLANGER.COM HTTP://WWW.VALCOLABS.COM
  2. 2. for VMware & Hyper-V Modern Data Protection Built for Virtualization Veeam Backup & Replication v7 TM Get your backups offsite 50x faster Get more out of your virtual infrastructure Recover in minutes, not hours! To learn more, visit http://go.veeam.com/v7
  3. 3. Contents VCAP5-DCA Objective 1.1 – Implement and Manage Complex Storage Solutions ...................................... 2 VCAP5-DCA Objective 1.2 – Manage Storage Capacity in a vSphere Environment .................................... 31 VCAP5-DCA Objective 1.3 – Configure and Manage Complex Multipathing and PSA Plug-ins .................. 49 VCAP-DCA 5 Objective 2.1–Implement & Manage Complex Virtual Networks .......................................... 60 VCAP-DCA 5 Objective 2.2 – Configure & Maintain VLANs, PVLANs, & VLAN Settings .............................. 65 VCAP-DCA 5 Objective 2.3 – Deploy & Maintain Scalable Virtual Networking........................................... 69 VCAP-DCA 5 Objective 2.4–Administer vNetwork Distributed Switch Settings ......................................... 72 VCAP5-DCA-Objective 3.1–Tune and Optimize vSphere Performance ...................................................... 76 VCAP5-DCA-Objective 3.2–Optimize Virtual Machine Resources .............................................................. 88 VCAP5-DCA–Objective 3.3 – Implement and Maintain Complex DRS Solution........................................ 100 VCAP5-DCA – Objective 3.4 – Utilize Advanced vSphere Performance Monitoring Tools ....................... 122 VCAP5-DCA Objective 4.1–Implement and Maintain Complex VMware HA Solutions ............................ 133 VCAP5-DCA Objective 4.2-Deploy and Test VMware FT........................................................................... 151 VCAP-DCA 5 Objective 5.1–Implement and Maintain Host Profiles ......................................................... 161 VCAP-DCA 5 Objective 5.2 – Deploy and Manage Complex Update Manager Environments ................. 167 VCAP5-DCA – Objective 6.1 – Configure, Manage, and Analyze vSphere Log Files.................................. 175 VCAP5-DCA – Objective 6.2 – Troubleshoot CPU and Memory Performance.......................................... 188 VCAP5-DCA – Objective 6.3 – Troubleshoot Network Performance and Connectivity ............................ 192 VCAP5-DCA – Objective 6.4 – Troubleshoot Storage Performance and Connectivity .............................. 196 VCAP5-DCA – Objective 6.5 – Troubleshoot vCenter Server and ESXi Host Managemen........................ 200 VCAP-DCA 5 Objective 7.1– Secure ESXi Hosts ......................................................................................... 204 VCAP-DCA 5 Objective 7.2–Configure and Maintain the ESXi Firewall..................................................... 213 VCAP-DCA5 Objective 8.1 – Execute VMware Cmdlets and Customize Scripts Using PowerCLI.............. 218 VCAP-DCA 5 Objective 8.2–Administer vSphere Using the vSphere Management Assistant .................. 224 VCAP-DCA 5 Objective 9.1–Install ESXi Server with Custom Settings....................................................... 233 VCAP-DCA 5 Objective 9.2 – Install ESXi Hosts Using Auto Deploy .......................................................... 237
  4. 4. VCAP5-DCA Objective 1.1 – Implement and Manage Complex Storage SolutionsMay122012 For this objective I used the following documents:  Best Practices for NFS on vSphere White Paper  Documents listed in the Tools section Objective 1.1 – Implement and Manage Complex Storage Solutions Knowledge **ITEMS IN BOLD ARE TOPICS PULLED FROM THE BLUEPRINT**  Identify RAID Levels o If you are looking at this blueprint and contemplating taking this exam I’m going to assume that you know what RAID is. If you don’t, then you are possibly in for a LONG VCAP5-DCA preparation. I’m not going to list out every single RAID level, but I will go over the most commonly used ones; RAID 0, 1, 5, 6 and 1+0  RAID 0: Striping only, no redundancy. Data is striped over all disks in a RAID 0 set. Minimum of 2 disks.  Pros:    Very good performance Allows for the maximum use of disk space Cons    No redundancy Any drive failure will destroy the entire dataset RAID 1: Mirroring only, no striping. Data is mirrored across disks. If you have a two disk RAID 1 set then the same data is on both disks. Minimum of 2 disks.  Pros:    Redundant Write performance degradation is minima Cons:   You lose half of your disk capacity (two 1TB disks, 2TB total only nets you 1TB) RAID 5: Striping with parity. Data is striped across the all disks in the RAID 5 set and parity bits are distributed across the disks. Minimum of 3 disks  Pros:
  5. 5.    Can sustain a loss of 1 drive in the set Very good read performance Cons:    Write performance not as good as RAID 1 due to parity calculation Throughput is degraded when a disk does fail RAID 6: Striping with double parity. Data is striped across all disks in the RAID 6 set along with double parity. Minimum of 4 disks  Pros:   Useful in large RAID sets   Can sustain a loss of 2 drives in the set Very good read performance Cons:   More disk space is utilized for the extra parity   Requires 4 disks Write performance not as good as RAID 1 or 5 due to double parity calculation RAID 1+0 (RAID 10): Mirroring and Striping. Disks in a RAID 10 set are mirrored and then striped across more disks.Minimum of 4 drives and total drives must be an even number  Pros:    Great read/write performance Can survive many drive failures as long as all drives in a mirror don’t fail Cons:    Only 50% of disk capacity is available due to mirroring Complex compared to RAID 0 and RAID 1 Identify Supported HBA types o The three types of Host Bus Adapters (HBA) that you can use on an ESXi host are Ethernet (iSCSI), Fibre Channel or Fibre Channel over Ethernet (FCoE). In addition to the hardware adapters there is software versions of the iSCSI and FCoE adapters (software FCoE is new with version 5) are available. o There are far too many adapters to list, but the usual suspects make them:  Broadcom
  6. 6.   Emulex   Cisco  o Brocade QLogic To see all the results search VMware’s compatibility guide Identify virtual disk format types o There are three types of virtual disk formats: 1. Thick Provision Lazy Zeroed – a thick disk is created and all space on the underlying storage is allocated upon creation. The blocks within the allocated space are zeroed out on demand (not at the time of virtual disk creation) 2. Thick Provision Eager Zeroed – a thick disk is created and all space on the underlying storage is allocated upon creation. The blocks within the allocated space are zeroed out up front – it will take some time (considerable amount of time depending on disk size) to create this type of virtual disk 3. Thin Provisioned – Only space that is needed is allocated to these types of disks. As the need for more physical space grows a thin provisioned disk will grow to meet that demand, but only up to its configured size o Using a Raw Device Mapping (RDM) may also be considered a virtual disk format type. While I don’t consider it a virtual disk format, I wanted to include it anyway. A RDM is a pointer to a physical LUN on a SAN. When you create a RDM a .vmdk file is created, but only contains pointer to the physical LUN Skills and Abilities  Determine use cases for and configure VMware DirectPath I/O o DirectPath I/O allows a VM to access a device on the physical server without intervention from the hypervisor o The CPUs must have Intel Virtualization Technology for Directed I/O (Intel VT-d) feature or if using AMD processors, have AMD I/O Virtualization Technology (IOMMU). Once you verify your CPUs are capable, ensure the feature is enabled within the BIOS o According to test results done by VMware in a recent performance whitepaper,Network I/O Latency in vSphere 5, using DirectPath I/O lowered the round trip time by 10 microseconds.
  7. 7. While 10 microseconds may seem miniscule, it can be the difference with very low latency applications o A few use cases:   A legacy application that may be bound to the physical device  o Stock Market applications (an example used in the aforementioned white paper) Can improve CPU performance for applications with a high packet rate Configuring DirectPath I/O on the ESXi host (from VMware KB 1010789)  In the vSphere client select a host from the inventory > click the Configurationtab > click Advanced Settings under the Hardware pane  Click Edit and select the device(s) you want to use > click OK  Reboot the host (once the reboot is complete the devices should now appear with a green icon) o Configuring a PCI Device (Direct Path I/O) on a Virtual Machine (from VMware KB 1010789)  In the vSphere client right-click the virtual machine you want to add the PCI device to and click Edit Settings…    Click the Hardware tab > click Add Choose the PCI device > click Next Determine requirements for and configure NPIV o N-Port ID Virtualization (NPIV) is used to present multiple World Wide Names (WWN) to a SAN network (fabric) through one physical adapter. NPIV is an extension of the Fibre Channel protocol and is used extensively on converged platforms (think Cisco UCS) o Here are a list of requirements you must meet in order to use NPIV  The Fibre Channel switches must support NPIV  The physical HBAs in your hosts must support NPIV  vMotioning a virtual machine configured with NPIV to a host whose physical HBA does not support NPIV will revert to using the WWN of the physical HBA  Heterogeneous HBAs across physical hosts is not supported  The physical HBAs must have access to the LUNs that will be accessed by the NPIVenabled virtual machines
  8. 8.  Ensure that the NPIV LUN ID at the storage layer is the same as the NPIV target ID o Guest NPIV only works with Fibre Channel switches o NPIV does not support Storage vMotion o Unfortunately I don’t have an environment that I can go through and document for you the step-by-step process. The steps below are from the vSphere 5 Storage Guide o Configuring NPIV  Open the New Virtual Machine wizard.  Select Custom, and click Next.  Follow all steps required to create a custom virtual machine.  On the Select a Disk page, select Raw Device Mapping, and click Next.  From a list of SAN disks or LUNs, select a raw LUN you want your virtual machine to access directly.  Select a datastore for the RDM mapping file  Follow the steps required to create a virtual machine with the RDM.  On the Ready to Complete page, select the Edit the virtual machine settings before completion check box and click Continue. The Virtual Machine Properties dialog box opens.  Assign WWNs to the virtual machine.  Click the Options tab, and select Fibre Channel NPIV.  Select Generate new WWNs.  Specify the number of WWNNs and WWPNs. A minimum of 2 WWPNs are needed to support failover with NPIV. Typically only 1 WWNN is created for each virtual machine.   Click Finish. Determine appropriate RAID level for various Virtual Machine workloads o Earlier in this objective I covered different RAID levels and their respective advantages/disadvantages. Now lets discuss where these RAID levels fit in best with different workloads o Typically when your workloads are read intensive it is best to use RAID 5 or RAID 6. When the workload is write intensive you want to use RAID 1 or RAID 1+0. Hopefully the
  9. 9. application owner can give you the read/write percentages so that you can determine which RAID level is best. o Here’s an example:  Formula: (total required IOPs * read%) + (total required IOPs * write% * RAID penalty) = total IOPs required   35% read   400 IOPs required 65% write RAID1 = (400 * 0.35) + (400 * 0.65 * 2) = 660 IOPs   10K disks required = 5   15K disks required = 4 7.2 disks required = 9 RAID5 = (400 * 0.35) + (400 * 0.65 * 4) = 1180 IOPs   10K disks required = 9   15K disks required = 7 7.2 disks required = 16 RAID6 = (400 * 0.35) + (400 * 0.65 * 6) = 1700 IOPs   10K disks required = 14  o 15K disks required = 10 7.2 disks required = 23 As you can see, the number of disks required depends on the RAID level you choose. So when determining which RAID level to choose, you need to factor in the number of disks you have against the level of protection you will provide. Each of the above RAID levels can meet the IOPs required for the workload, but some require more disks dependent upon the RAID level and type of disks. o In the above example I would go with RAID 5 on 15K disks. While RAID 1 would only require 4 disks to meet the IOPs requirement, it may actually require more disks because you lose 50% capacity in any give RAID 1 set. o A tool built-in to ESXi that can be VERY useful in determining the I/O characteristics of a virtual machine workload is vscsiStats. I’m not going to go into real detail here as to how exactly to interpret the statistics is pulls, but will provide you with the basics and a super AWESOME blog that really goes into detail and even provides some templates
  10. 10.  you can run vscsiStats from anywhere within the shell (console or SSH), but keep in mind that the first “S” in “Stats” is captilized  To get going, here is the commands you will run to start, along with an explanation of each paramter 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 # find the world ID for the VM you want to collect statistics on vscsiStats -l # this will start the collection. -s tells it to start and -w specifies the world ID vscsiStats -s -w 466937 # here is what should be returned after entering the command above # "vscsiStats: Starting Vscsi stats collection for worldGroup 466937, handleID 8207 ( # "Success." # after this runs for a period of time you need to pull what's been collected using t # for the world ID and -p <stat> for the stat you want to pull (-p can be ioLength, s # latency, interarrival and all. Use the -c parameter to specify a csv format vscsiStats -w 466937 -p all -c # once you're done you want to stop the collection vscsiStats -x  If you want to learn how to interpret these results check out Erik Zandboer’sthree-part series, it is definitely a useful resource  Apply VMware storage best practices o Best practices for storage and vSphere will always require a look at your storage vendor’s documentation as it will differ across platforms. However, from the vSphere side we can apply general best practices regardless of the underlying storage platform o Best Practices for Fibre Channel Storage  First and foremost you should document the environment  includes software versions, zoning LUN masking, etc…  Only one VMFS datastore per LUN  Disable automatic host registration  GUI – Modify Advanced Settings > Disk > Disk.EnableNaviReg = 0
  11. 11.  the esxcli way esxcli system settings advanced set -i=0 -o "/Disk/EnableNaviReg" 1  Use read/write caching on the array  ensure non-ESXi hosts are not accessing the same LUNs or physical disks as your ESXi hosts  Ensure you have paths to all storage processors for proper load balancing and redundancy  Enable Storage I/O Control (SIOC)  Ensure you design your storage with proper IOPs in mind (see above section on identifying proper RAID levels)  use a dual redundant switching fabric  match all queue depths across the application, guest OS, ESXi host, HBA and storage array o Best Practices for iSCSI  Document the environment  Use on one VMFS datastore per LUN  Enable read/write cache on the array  only ESXi hosts should be accessing the LUN(s) and underlying physical disks  Ensure each ESXi hosts has the appropriate number of network adapters to handle throughput for iSCSI traffic  Bind multiple network adapters to the iSCSI software adapter for redundancy  match all queue depths across the application, guest OS, ESXi host and storage array  separate uplinks on the physical switch so they are not using the same buffers  Ensure you don’t have Ethernet bottle necks going to your storage (or anywhere for that matter)   o Isolate storage traffic to its own VLAN if possible Enable Storage I/O Control (SIOC) Best Practices for NFS  Isolate storage traffic to its own VLAN if possible
  12. 12.  Enable Storage I/O Control (SIOC)  Mount all NFS exports the same across all hosts  If you increase the max number of NFS mounts for a hosts, be sure to also increase the heap size accordingly  Increase Max NFS volumes through the GUI   Modify Advanced Settings > NFS > NFS.MaxVolumes The esxcli way esxcli system settings advanced set -i=32 -o "/NFS/MaxVolumes" 1  Increase the TCP Heap Size through the GUI (changing the heap size requires a reboot of the ESXi host)   The esxcli way esxcli system settings advanced set -i=16 -o "/Net/TcpipHeapSize" 1  Modify Advanced Settings > Net > Net.TcpipHeapSize Understand the use cases for Raw Device Mapping o In order to understand why you would use a Raw Device Mapping (RDM), we need to define it. “An RDM is a mapping file in a separate VMFS volume that acts as a proxy for a raw physical storage device” – vSphere Storage Guide o RDMs come in two flavors; physical compatibility mode and virtual compatibility mode  Physical compatibility mode:  The VMkernel passes all SCSI commands to the mapped device with the exception of the REPORT LUNs command. This command is virtualized so that the VMkernel can isolate the mapped device to whichever virtual machine owns it   Can be greater than 2TB in size (assumes VMFS5) Virtual compatibility mode:  Unlike physical compatibility mode, virtual mode will only pass the READ and WRITE command to the mapped device, all other SCSI commands are handled by the VMkernel  o Cannot be greater than 2TB There are certain scenarios in which you don’t have a choice but to use RDMs:  When using Microsoft Clustering Services across physical hosts. Any cluster data disks and quorum disks should be configured as a RDM
  13. 13.  If at any point you want to use N-Port ID Virtualization (NPIV) within the guest you will need to use a RDM  o If you need to run SAN management agents inside a virtual machine To fully understand the use cases for RDMs you must also know their limitations  Virtual machine snapshots are only available when using a RDM in virtual compatibility mode  You can’t map to a certain partition on a device, you must map to the entire LUN  You cannot use direct attached storage devices to create a RDM (direct attached devices do not export the SCSI serial number, which is required for a RDM) o Now that you have read what a RDM is, the available modes, when you MUST use them and what some of their limiting factors are you can start to narrow down the use cases. To furthur assist you here is a table from the vSphere Storage Guide that outlines the feature sets when using VMFS, virtual RDM and physical RDM ESXi Features Virtual Disk File Virtual Mode RDM Physical Mode RDM SCSI Commands Passed Through No No YesREPORT LUNs is not passed through vCenter Server Support Yes Yes Yes Snapshots Yes Yes No Distributed Locking Yes Yes Yes Clustering Cluster-in-a-box only Cluster-in-aboxcluster-acrossboxes Physical-to-virtual clusteringcluster-acrossboxes SCSI Target-Based Software No No Yes  Configure vCenter Server storage filters o There are four different storage filters that can be configured; VMFS Filter, RDM Filter, Same Host and Transports Filter and the Host Rescan Filter. If you don’t know what these are, here is a quick explanation:  VMFS Filter: filters out storage devices or LUNs that are already used by a VMFS datastore
  14. 14.  RDM Filter: filters out LUNs that are already mapped as a RDM  Same Host and Transports Filter: filters out LUNs that can’t be used as a VMFS datastore extend.  Prevents you from adding LUNs as an extent not exposed to all hosts that share the original VMFS datastore.  Prevents you from adding LUNs as an extent that use a storage type different from the original VMFS datastore  Host Rescan Filter: Automatically rescans and updates VMFS datastores after you perform datastore management operations o You create these filters from vCenter through Administration > vCenter Server Settings… > Advanced Settings. From here you enter in a new Key/Value pair and click the Add button o Once those settings are added there are a few different places you can view them:  within the Advanced Settings window of where you added them  The vpxd.cfgfile on your vCenter server (C:ProgramDataVMwareVMware VirtualCenter)   o located between the <filter></filter> tags you can also view the vpxd.cfg file from the ESXi host itself (/etc/vmware/vpxa) All storage filters are enabled by default. To disable them set the following keys tofalse VMFS Filter config.vpxd.filter.vmfsFilter RDM Filter config.vpxd.filter.rdmFilter Same Hosts and Transports Filter config.vpxd.filter.SameHostAndTransportsFilter Host Rescan Filter config.vpxd.filter.hostRescanFilter o  Here is a short video of Configuring vCenter Server Storage Filters Understand and apply VMFS resignaturing o VMFS resignaturing occurs when you you are trying to mount a new LUN to a host that already has a VMFS datastore on it. You have three options when mounting a LUN to an ESXi host with an existing VMFS partition; Keep the existing signature,Assign a new signature and Format the disk. Here is a brief description of each of those options
  15. 15.  Keep the existing signature: Choosing this option will leave the VMFS partition unchanged. If you want to preserve the VMFS volume (keep the existing UUID), choose this option. This is useful when you are doing LUN replication to a DR site and need to mount the cloned LUN – MUST BE WRITABLE  Assign a new signature: Choosing this option will delete the existing disk signature and replace it with a new one. You MUST use this option (or the format option) if the original VMFS volume is still mounted (you can’t have two separate volumes with the same UUID mounted simultaneously). During resignaturing a new UUID and volume label are assigned, which consequently means that any virtual machines that are registered on this VMFS volume must have their configuration files updated to point to the new name/UUID or the virtual machines must be removed/re-added back to the inventory  Format the disk: Nothing much new here; choosing this option is the same as creating a new VMFS volume on a blank LUN – - ALL EXISTING DATA WILL BE LOST o There are two way that you can add an LUN with an existing VMFS volume to a host; through the GUI and through the command line. The following assumes your host has access to the LUN on the array side: o Adding a LUN with an Existing VMFS Volume using the GUI 1. From within the vSphere client, either connect to vCenter or directly to a host, navigate to the Hosts and Clusters view: Home > Hosts and Clusters (or Ctrl + Shift + H) 2. Select the host you want to add the LUN to on the right > select theConfiguration tab 3. Click on the Storage Hyperlink 4. Click the Add Storage… hyperlink in the upper right 5. Select Disk/LUN > click Next 6. Select the appropriate LUN > click Next 7. Select one of the aforementioned options (Keep the existing signature, Assign a new signature or Format the disk) 8. Click Finish 9. If you are connected to vCenter you may receive the following error during this process
  16. 16. i. Check out VMware KB1015986 for a workaround (connect directly to the host and add the LUN) o Adding a LUN with an Existing VMFS Volume using esxcli 1. SSH or direct console to the ESXi host that you want to add the LUN with the existing VMFS volume to — You can also connect to a vMA instance and run these commands 2. Once connected you need to identify the ‘snapshots’ (which volumes have an existing VMFS volume on it) 01 02 03 04 05 06 07 08 09 10 # This will list the snapshots that are available esxcli storage vmfs snapshot list # Mount a snapshot named 'replicated_lun' and keep the existing signature (find the s # to mount using the output from the previous command esxcli storage vmfs snapshot mount -l 'replicated_lun' # Mount a snapshot named 'replicated_lun' and assign a new signature (find the snapsh # to mount using the output from the first command esxcli storage vmfs snapshot resignature -l 'replicated_lun' o Here is a video showing you how to mount a VMFS volumes that has an identical UUID as another volume. It will show you how to mount a volume while keeping the existing signature and by applying a new signature; all using esxcli – Enjoy!  Understand and apply LUN masking using PSA-related commands o LUN masking gives you control over which hosts see which LUNs. This allows multiple hosts to be connected to a SAN with multiple LUNs while allowing only hosts that you specify to see a particular LUN(s). The most common place to do LUN masking is on the back-end storage array. For example, an EMC Clariion or VNX provides LUN masking by way of
  17. 17. Storage Groups. You add hosts and LUNs to a storage group and you have then essentially “masked” that host to only seeing those LUNs. o Now that we have a better idea of what LUN masking is, let’s go into an example of how you would actually do this on an ESXi host. o The first thing we need to do is identify which LUN we want to mask. To do this:  esxcfg-scsidevs -m — the -m will display only LUNs with VMFS volumes, along with the volume label. In this example we are using the “vmfs_vcap_masking” volume”  Now that we see the volume we want, we need to find the device ID and copy it (starts with “naa.” In this example our device ID is naa.5000144fd4b74168 o We have the device ID and now we have to find the path(s) to that LUN  esxcfg-mpath -L | grep naa.5000144fd4b74168 — the -L parameter gives a compact list of paths  o We now see there are two paths to my LUN, which are C0:T1:L0 and C2:T1:L0 Knowing what are paths are we can now create a new claim rule, but first we need to see what claim rules exist in order to not use an existing claim rule number  esxcli storage core claimrule list
  18. 18. o We can use any rule numbers for our new claim rule that isn’t in the list above. We’ll use 500. Now lets create the new claim rule for the first path; C0:T1:L0 which is on adapter vmhba35  esxcli storage core claimrule add -r 500 -t location -A vmhba35 -C 0 -T 1 -L 0 -P MASK_PATH — you know the command succeeded if you don’t get any errors. o Masking one path to a LUN that has two paths will still allow the LUN to be seen on the second path, so we need to mask the second path as well. This time we’ll use501 for the rule number and C2:T1:L0 as the path. The adapter will still be vmhba35  esxcli storage core claimrule add -r 501 -t location -A vmhba35 -C 2 -T 1 -L 0 -P MASK_PATH — you know the command succeeded if you don’t get any errors. o Now if you run esxcli storage core claimrule list again you will see the new rules,500 and 501 but you will notice the Class for those rules show as file which means that it is loaded in /etc/vmware/esx.confbut it isn’t yet loaded into runtime. Let’s load our new rules into runtime  esxcli storage core claimrule load  Now run esxcli storage core claimrule list and this time you will see those rules displayed twice, once as the file Class and once as the runtime Class
  19. 19. o Only one more step left. Before those paths can be associated with the new plugin (MASK_PATH), they need to be disassociated from the plugin they are currently using. In this case those paths are claimed by the NMP plugin (rule 65535). This next command will unclaim all paths for that device and then reclaim them based on the claimrules in runtime. Again we’ll use naa.5000144fd4b74168to specify the device  esxcli storage core claiming reclaim -d naa.5000144fd4b74168  After about 30 seconds, if you are watching the storage area on your host within the vSphere client you will see that datastore disappear from the list  Running esxcfg-mpath -L | grep naa.5000144fd4b74168 again will now show 0 paths(before it showed 2) o Here is a quick list of commands you would need to run if you wanted to unmask those two paths to that LUN and get it to show up again in the vSphere client 1 2 3 4 5 6 esxcli esxcli esxcli esxcli esxcli esxcli o  storage storage storage storage storage storage core core core core core core claimrule remove -r 500 claimrule remove -r 501 claimrule load claiming unclaim -t location -A vmhba35 -C 0 -T 1 -L 0 claiming unclaim -t location -A vmhba35 -C 2 -T 1 -L 0 adapter rescan -A vmhba35 Here is a pretty awesome video of performing LUN masking using the all powerful OZesxcli Identify and tag SSD devices o There are a few ways that you can identify an SSD device. The easiest way is to look in the storage area (select host > click Configuration > click the Storage hyperlink) and look at the Drive Type column of your existing datastores. This will either sayNon-SSD or SSD
  20. 20. o Now you can only use the previous method if you already have a datastore mounted on that LUN. If you don’t, SSH into your host and let’s use esxclito figure out which devices are SSDs  esxcli storage core device list  o The Is SSD will show True or False The PowerCLI Way 01 02 03 04 05 06 07 08 09 10 11 12 13 14 $esxcli = Get-EsxCli $esxcli.storage.core.device.list() #Here is the output (truncated) #AttachedFilters #DevfsPath #Device #DeviceType #DisplayName #IsPseudo #IsRDMCapable #IsRemovable #IsSSD #Model : : : : : : : : : : /vmfs/devices/disks/na naa.5000144f60f4627a Direct-Access EMC iSCSI Disk (naa.50 false true false true LIFELINE-DISK
  21. 21. 15 o Identifying a SSD device is easy when they are detected automatically, but what if your SSD device isn’t tagged as a SSD by default? The answer is you can manually tag them. This has to be done with our good friend esxcli  First you need to identify which device is not being tagged automatically (there are multiple ways of tagging the device, in this example we will use the device name) Run the following command so you can get the Device Display Nameand the Path Selection Policy  esxcli storage nmp device list  In this example the device name will be naa.5000144f60f4627a and the PSP will be VMW_SATP_DEFAULT_AA– now we must add a PSA claim rule specifying the device, the PSP and the option to enable SSD  esxcli storage nmp satp rule add -s VMW_SATP_DEFAULT_AA -d naa.5000144f60f4627a -o enable_ssd  — no result should be displayed Just like our claimrules in the previous section, we need to unclaim the device and load the claimrules into runtime. An additional step is also needed to execute the claimrules (this step was not required when creating LUN Masking claim rules). Again, you will need the device ID for the next command (naa.5000144f60f4627a) 1 2 3 4 5 6 7 8 # unclaim the device esxcli storage core claiming unclaim -t device -d naa.5000144f60f4627a # load the claim rules into runtime esxcli storage core claimrule load # execute the claim rules esxcli storage core claimrule run
  22. 22. 9 10 11  # if the device is already mounted you will see it disappear from the Datast # and then reappear with a Drive Type of SSD While I was writing this up I figured out you can tag drives as a SSD drive even if they aren’t actually SSDs. I was excited about being able to document it and then realized that WIlliam Lam of virtuallyGhetto fame had already documented this 10 months ago  Administer hardware acceleration for VAAI o Since I only have block storage in my lab I will not be showing examples hardware acceleration for NFS, but will list procedures and capabilities for it o Within the vSphere client you can see whether Hardware Acceleration is supported for your device (click on a host > click configuration > click the Storagehyperlink) o The hardware acceleration available for block devices are:   Block Zeroing  Hardware Assisted Locking (ATS)  o Full Copy Unmap If your device is T10 compliant, it uses the the T10 based SCSI commands, therefore enabling hardware acceleration support without the use of the VAAI plugin. If your device is not T10 compliant (or is partially) the VAAI plugin is used to bridge the gap and enable hardware acceleration
  23. 23. o Display Hardware Acceleration Plug-Ins and Filter   o esxcli storage core plugin list -N VAAI — displays plugins for VAAI esxcli storage core plugin list -N Filter – displays VAAI filter Displaying whether the device supports VAAI and any attached filters (for this example I’m using naa.6006016014422a00683427125a61e011as the device)  esxcli storage core device list -d naa.6006016014422a00683427125a61e011
  24. 24. o Display VAAI status of each primitive on a device (again usingnaa.6006016014422a00683427125a61e011)  esxcli storage core device vaai status get -d naa.6006016014422a00683427125a61e011 o Before we move on to adding hardware acceleration claim rules, lets check out how to display the current claim rules for filters and for VAAI   o Filter — esxcli storage core claimrule list –c Filter VAAI – esxcli storage core claimrule list –c VAAI Adding hardware acceleration claim rules is a 5 step process. The first two steps are creating two claim rules, one for the VAAI filter and another for the VAAI plugin. The third and fourth steps are loading the claim rules into runtime. The last step is executing the claim rules.
  25. 25. Since you are doing this manually you would need to know the Type information, in our case is Vendor and the Vendor information which in this case will be vlabs. Let’s get to it: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 # this will create a new claim rule for the VAAI_Filter with a type of "Vendor" and t # the -u parameter automatically assigns the rule number esxcli storage core claimrule add -c Filter -P VAAI_FILTER -t vendor -V vlabs -u # this will create a new claim rule for the VAAI Plugin with a plugin name of "VMW_VA # the -f parameter is being used to force the command as the aforemention plugin name esxcli storage core claimrule add -c VAAI -P VMW_VAAI_VLABS -t vendor -V vlabs -u -f # load the filter plugin claim rule into runtime esxcli storage core claimrule load -c Filter # load the VAAI plugin claim rule into runtime esxcli storage core claimrule load -c VAAI # execute the new claim rules esxcli storage core claimrule run -c Filter o For NFS you will need to install the plug-in provided by your array vendor and then verify the hardware acceleration (use esxcli storage nfs list). To see the full procedure for installing and updating NAS plugins see pages 177-180 of the vSphere Storage Guide  Configure and administer profile-based storage o Before we can administer profile-based storage we first must configure it (I know “DUH”). Of course, before we can configure it we must have a basic understanding of the elemts of profile-based storage. Profile-based storage are profiles of certain storage features an array might have. Those features are added as a capability (if they are not already defined by the array). There are system-defined capabilities and user-defined capabilities. Here are a list of basic steps on the road to profile-based storage  Create user-defined capabilities (optional) to go along with any system-defined capabilities  Associate those capabilities with datastores that coincide with said capability  Enable virtual machine storage profiles (host or cluster level)  Create virtual machine storage profiles  Associate a virtual machine storage profile with virtual disks or virtual machine files  Check for compliance of the associated storage profile on the virtual machine
  26. 26. o Let’s create some user-defined storage capabilities.  Log into vCenter using the vSphere client and click the Home button in the navigation bar  Under Management click the VM Storage Profiles button  Just under the navigation bar, click Manage Storage Capabilities  You’re now presented with a dialog box where you can add your own. Click theAdd. . . button   I’ve created three user-defined capabilities; vcap5-dca, 7200 Disks and SSD  o Type the Name of the capability > give it a Description > click OK When you’re finished adding capabilities, click the Close button We’ve created the capabilities, but now we need to associate them with a datastore(s)  Navigate to the Datastores and Datastore Cluster view (Home > Inventory >Datastores and Datastore Clusters or use the hot keys Ctrl + Shift + D)  Right-click on the datastore that you want to assign a capability to > clickAssign UserDefined Storage Capability…  From the drop-down menu select an existing storage capability (you can also create a new capability from here should you need to by clicking theNew…button)
  27. 27.  Click OK  Repeat on all datastores in which you need to assign a user-defined storage capability. If you are assigning the same storage capability to multiple datastores you can select them all at once and then assign the capability  o NOTE: You can only assign one storage capability per datastore We need to create virtual machine storage profiles, but first we must enable this on either a host or a cluster  In the vSphere client and click the Home button in the navigation bar  Under Management click the VM Storage Profiles button  Under the navigation bar click Enable VM Storage Profiles  From here you can select a particular cluster  ALL hosts within the cluster must have a Licensing Status of Licensed.Any other status, such as Unknown and you will not be able to enable it   o Once you’ve selected which cluster you want click the Enable hyperlink in the top right Click the Close button once the VM Storage Profile Status changes toEnabled Creating a new VM Storage Profile  In the vSphere client and click the Home button in the navigation bar  Under Management click the VM Storage Profiles button  Under the navigation bar click Create VM Storage Profile  Enter in a descriptive name (such as a defined SLA, e.g. Platinum)  Enter in a description for the new profile > click Next  Select which storage capabilities should be a part of this profile. For this example I’m selecting the vcap5-dcacapability)
  28. 28.  BE CAREFUL HERE. If you select more capabilities than exist on a single datastore then a VM that has this particular storage profile applied to it will never show up as compliant  o Click Next > click Finish We have successfully created a VM Storage Profile, but it won’t do us any good until we associate it with a virtual machine  In the vSphere client navigate to the VMs and Templates view (Home >Inventory > VMs and Templates or press Ctrl + Shift + V)  Right-click on a virtual machine that you want to apply a VM Storage Profile to > click VM Storage Profile > Manage Profiles…  From the drop-down menu choose a profile. In our case it’s the Platinumprofile  From here you have two options. You can click Propagate to disks, which will associate all virtual disks for that VM to the Platinum profile. If you don’t want to propagate to all the disks you can manually set which disks you want to be associated with that profile  In this example I am forgoing the propagate option and only setting this on Hard disk 1
  29. 29.  o Click OK when you are finished Lastly, we need to check the compliance of the VM Storage Profile as it relates to that particular VM  In the vSphere client navigate to the VMs and Templates view (Home >Inventory > VMs and Templates or press Ctrl + Shift + V)  Click on the virtual machine that you just associated the VM Storage Profile with and click the Summary tab (should be default)  Look at the VM Storage Profiles section and check the Profile Compliance  Here it will list whether it is compliant or not and the last time it checked (if you need to check it again for compliance you can initiate that by right-clicking the VM > click VM Storage Profile > Check Profiles Compliance)  Prepare storage for maintenance (mounting/un-mounting) o Should you need to perform storage maintenance on disks that make up a VMFS volume you will want to unmount it from vSphere. Here are a list of prerequisites for a VMFS datastore before it can be unmounted
  30. 30.   The datastore is not part of a Datastore Cluster  The datastore is not managed by storage DRS  Storage I/O control is disabled for this datastore  o No virtual machine resides on the datastore The datastore is not used for vSphere HA heartbeating To un-mount a datastore perform the following steps:  In the vSphere client, navigate to the Hosts and Clusters view  Select a host on the left and click the Configuration tab on the right > click theStorage hyperlink  Right-click on the datastore you want to un-mount and click Unmount  Verify that all the aforementioned checks have passed validation > click OK  If any of the requirements fail to validate then you will not be able to unmount the datastore o Using esxcli (I’m using the vmfs_vcap_masking datastore)  esxcli storage filesystem unmount -l vmfs_vcap_masking  There are scenarios where the GUI won’t let you un-mount a volume, say for example the datastore has a virtual machine on it. In this instance, even if the VM is
  31. 31. powered off the GUI won’t let you unmount the datastore. Using the esxcli command above however will let you unmount the datastore IF the VM is powered off  If you try to unmount a datastore via esxcli while a powered on VM resides on that datastore you will receive the following error  o Here is more information from the vmkernel log (screenshot is broken up) Once you’re complete with you maintenance you want to mount the volume  In the vSphere client, navigate to the Hosts and Clusters view  Select a host on the left and click the Configuration tab on the right > click theStorage hyperlink  Right-click on the datastore you want to mount and click Mount  Monitor the Recent Tasks pane to see when the operation is complete. Once complete the datastore will be available  Using esxcli (I’m using the vmfs_vcap_masking datastore)   esxcli storage filesystem mount -l vmfs_vcap_masking Upgrade VMware storage infrastructure o As with unmourning/mounting datastores, upgrading your VMware storage infrastructure, particularly upgrading to VMFS5, can be done through the GUI or using esxcli. Here are a few facts about upgrading from VMFS3 to VMFS5  VMFS5 has a 1MB block size regardless of disk file size  VMFS5 sub-blocks are now 8KB (VMFS3 is 64KB)  Block size you used on your VMFS3 partition will carry-over to the VMFS5 partition  The disk type of your newly upgraded VMFS5 partition will remain MBR until it exceeds the 2TB limit, at which it will automatically be converted to a GPT disk
  32. 32.  o The upgrade can be done online without disruption to running virtual machines If you have any VMFS2 partitions you will need to first upgrade them to VMFS3 and then you can upgrade to VMFS5 o If you prefer to build new VMFS5 partitions instead of upgrading, but don’t have space to create a new volume you can use the VM shuffle methodology to move VMs off one datastore to another, wipe the partition and create a new one and then continue with the shuffle until all VMFS datastores are complete. Conrad Ramoswrote a PowerCLI script to automate this, check it out here o Upgrade VMFS3 to VMFS5 via the vSphere Client  In the vSphere client, navigate to the Hosts and Clusters view  Select a host on the left and click the Configuration tab on the right > click theStorage hyperlink  Click on the datastore you want to upgrade > below the Datastore pane on the right, click the Upgrade to VMFS-5… hyperlink  o Click OK to perform the upgrade Upgrade VMFS3 to VMFS5 via esxcli (upgrading a volume with the name ofvmfs3_upgrade)  esxcli storage vmfs upgrade -l vmfs3_upgrade  once the command completes you will see that volume reflected as VMFS5under the Type column of the Datastore Views section within the vSphere client Tools  vSphere Installation and Setup Guide  vSphere Storage Guide  vSphere Command-Line Interface Concepts and Examples Command-line Tools  vscsistats  esxcli  vif
  33. 33. VCAP5-DCA Objective 1.2 – Manage Storage Capacity in a vSphere Environment For this objective I used the following documents:  Documents listed in the Tools section Objective 1.2 – Manage Storage Capacity in a vSphere Environment Knowledge **ITEMS IN BOLD ARE TOPICS PULLED FROM THE BLUEPRINT**  Identify storage provisioning methods o There are two types of storage that can be provisioned through vSphere; block storage and NAS.  Block Storage   iSCSI – IP storage using a hardware or software iSCSI initiator; uses VMFS  FCoE – Fibre Channel over Ethernet using a hardware of software HBA; uses VMFS   Local – any local storage attached to the host; uses VMFS FC – Fibre Channel using a hardware HBA; uses VMFNAS Storage NAS Storage  NFS – currently using NFSv3 to mount NFS shares as datastores; uses NFS instead of VMFS o GUI Provisioning Method  The easiest way to provision storage is using the vSphere client. From the vSphere client you can create VMFS 3 or VMFS 5 datastores, you can create Raw Device Mappings or create a Network File System. You can do all this through the Add Storage wizard from within the client   Select a host > click the Configuration Tab  Click the Storage hyperlink   Log into the vSphere client Click the Add Storage. . . hyperlink to launch the Add Storage wizard From the Add Storage wizard you can provision block or NAS storage into the vSphere environment o Command-line Provisioning Methods  To provision storage through the command-line you can use vmkfstools
  34. 34.  There aren’t a WHOLE lot of options for this command as it relates to creating file systems (you can also use vmkfstools to provision virtual disks. Here are the options:  You can specify whether it will be VMFS 3 or VMFS 5  You can set a block size (VMFS 3 ONLY)  You can set the volume name  You can also choose to span or grow an existing file system  Check out this example for creating a new VMFS 5 volume with a name ofvmkfstools_vcap5_volume (a partition must exist on the LUN prior to creating a file system, which is what partedUtil is used for) — VMware KB1009829details this out as well 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 # you'll need the device ID (esxcli storage core device list) # this command will get the current parition information, you need to see the last us partedUtil get /vmfs/devices/disks/naa.5000144f60f4627a # sample results "1305 255 63 20971520" # in this case 20971520 is the last usable sector. To create the parition we'll use 2 # this command creates parition number 1, starting at 128, ending at 20971500 with a partedUtil set /vmfs/devices/disks/naa.5000144f60f4627a "1 128 20971500 251 0" # this command creates the VMFS 5 volume with a label of "vmkfstools_vcap5_volume" vmkfstools -C vmfs5 -S vmkfstools_vcap5_volume /vmfs/devices/disks/naa.5000144f60f462 # if you want to remove this volume via the command line you can delete the underlyin partedUtil delete /vmfs/devices/disks/naa.5000144f60f4627a 1 # perform a rescan of the adapter and the volume will no longer be present esxcli storage core adapter rescan -A vmhba35  1 2 3 4 5 6 7 8 You can also add and remove new NAS volumes in the command-line usingesxcli # list any mounted NAS volumes esxcli storage nfs list # add a new NAS volume named "vm_backups" esxcli storage nfs add -H 10.90.190.130 -s /nfs/vm_backups -v vm_backups # remove a NAS volume named "vm_backups" esxcli storage nfs remove -v "vm_backups"
  35. 35.  Identify available storage monitoring tools, metrics and alarms o Two built-in monitoring tools that come with vSphere are Storage Reports andStorage Maps. Both of these can be found in the Storage Views tab within the vSphere client (this pertains to looking at host inventory objects)   o In the hosts and clusters view click on a host Click the Storage Views tab on the right Different metrics exist to monitor storage performance and utilization. These metrics can be viewed within the vSphere client or by using esxtop/resxtop o There are also a number of pre-defined alarms that will assist your monitoring efforts, such as Datastore usage on disk and Thin-provisioned LUN capacity exceeded. o Storage Reports  Storage reports will show you information on how different objects within your inventory map to storage entities. By default a storage report for a host inventory object includes:   Multipathing Status  Space Used  Snapshot Space   VM Name Number of disks Here is a screen shot detailing out the defaults (the items checked) as well as all available fields that can be displayed within storage reports (for host inventory objects)  The columns and information displayed will be dependent upon which inventory object you have selected. I’ll let you go through each one and see how these reports vary
  36. 36.  Reports are updated every 30 minutes by default. You can manually update them by clicking the Update… hyperlink from within Storage Views > Reportslocated on the upper right of the screen  You can filter these reports by selecting which columns you want to search on, and then typing in the keyword(s)  You can export reports in the following formats  HTML  XLS  CSV  XML  Export Reports   Click the Storage Views tab and select Reports  Choose which columns you want to view and any filtering  Right-click below the table and select Export List…  o Choose an inventory object Enter in a name and choose the file format > click Save Storage Maps  Storage maps give you a nice representation of storage resources (physical and virtual) as they pertain to a specific inventory object. Storage maps are also updated automatically every 30 minutes and you can manually update them by clicking the Update… hyperlink located near the top right of the inventory object > Storage Views > Maps screen  Just as with Storage reports, Storage maps have default views for each type of inventory object. Using the different checkbox within the Maps area you can filter out object relationships that you do not wish to see
  37. 37.  By left-clicking on an object you can drag it to different parts of the screen  Storage maps can also be exported in the same fashion as Storage reports, although, as you can imagine, your file type selection will be different   .bmp  .png  .tiff  .gif  o .jpeg .emf Storage Metrics (vSphere Client)  As with storage reports and storage maps, the types of metrics you will see as they relate to storage will vary depending upon which inventory object you select. For example, if you select a datastore inventory object you will by default be show space utilization views in a graph format (graphs based on file type and the top 5 virtual machines)  You can then change that default view from Space and change it toPerformance, which will show you a slew of performance charts for that particular datastore  To see the real “meat and potatoes” of metrics as they relate to storage within the vSphere client you need to look at advanced performance charts  Select a host from the inventory  Click the Performance tab > click the Advanced button
  38. 38.  From the drop down there are four related storage items   Disk  Storage Adapter   Datastore Storage Path If I went into every counter that you could see for the objects above you will be reading this post for the next 6 weeks. So know where these metrics are and at the very least familiarize yourself with defaults o Storage Metrics (esxtop/resxtop)  I decided not to go into a lot of detail for this section as there are already some great resources out there. For a good review of this tool check out Duncan Eppings blog post on esxtop. For a detailed review of all statistics for esxtop check out this VMware community post  For storage monitoring there are three panels within esxtop that you will want to be intimately familiar with (the letters at the end correspond the the esxtophotkey for those panels)   Storage Device Panel (u)   Storage Adapter Panel (d) Virtual Machine Storage Panel (v) Some key metrics you want to look at for the panels above  MBREAD/s — megabytes read per second  MBWRTN/s — megabytes written per second  KAVG — latency generated by the ESXi kernel  DAVG — latency generated by the device driver  QAVG — latency generated from the queue  GAVG — latency as it appears to the guest VM (KAVG + DAVG)  AQLEN – storage adapter queue length (amount of I/Os the storage adapter can queue)  LQLEN – LUN queue depth (amount of I/Os the LUN can queue)  %USD – percentage of the queue depth being actively used by the ESXi kernel (ACTV / QLEN * 100%) o Alarms
  39. 39.  There are a number of different pre-configured alarms related to storage that can be leveraged to alert you of impending storage doom. As with a lot of functions within vSphere, different alarms are pre-defined based on the inventory object that you select. Which means there are different storage related alarms for different inventory objects  If you are in the vSphere client and you select the top-most inventory object (the vCenter object) and you go to the Alarms tab, you can selectDefinitions and view ALL pre-configured alarms for all objects  Again, I won’t go into every single alarm and what they do, but here are a list of some I think are important to know, along with their default triggers  Cannot connect to storage – this alarm will alert you when a host has an issue connecting to a storage device The three defaukt triggers are:   Lost Storage Path Redundancy   Lost Storage Connectivity Degraded Storage Path Redundancy Datastore cluster is out of space – this alarm monitors disk space on datastore clusters. The default triggers are:    Send a Warning when utilization is above 75% Send an Alert when utilization is above 85% Datastore usage on disk – this alarm monitors disk space on a datastore. The default triggers are:    Send a Warning when utilization is above 75% Send an Alert when utilization is above 85% Thin-provisioned LUN capacity exceeded – this alarm monitors thin-provisioned LUNs using the vSphere Storage APIs. Triggers for these alarms must be modified through the vSphere API (VASA) and is implemented by your storage vendor Skills and Abilities  Apply space utilization data to manage storage resources o I’m not 100% what VMware is looking for on this, but my best guess is to use some of the techniques above to determine current space utilization, and then manage your storage resources appropriately
  40. 40. o Since we’ve already gone through the different metrics and alarms to monitor, let’s use the ESXi shell to determine VMFS disk usage. The command df, which in Linux speak stands for disk filesystem, is used to display the the filesystems that are mounted to that particular host. 1 2 3 4 5 6 7 8 9 # the -h parameter will make the disk space for the filesystem appear # as human readable (in this case in GB) you can use the -m or -k # parameters for megabytes and kilobytes respectively df -h # if you want to return only VMFS and NFS paritions run this command df -h | awk '/VMFS*/ || /NFS/' Since I filtered the results you don’t see an explanation of each column. From left to right: Filesystem  Size Used Available Use% Mounted on At the moment we are focused on space utilization, so we want to focus on theUse%. As you can see, none of my partitions are over 50%. If I had a highly used partition you would most likely get an alarm from the Datastore Usagealarm, and you could use df to see a summary of all your partitions  There are lots of way to rectify this, add more space/extents, delete unneeded virtual machines or remove unneeded virtual disks (you could accomplish this through the vSphere client or by using the vmkfstools -U command) o The bottom line is that you need to be aware of, not only how you can determine space utilization, but then to apply that data in an intelligent way in order to manage your storage resources effectively  Provision and manage storage resources according to Virtual Machine requirements
  41. 41. o I’ve covered some of this in Objective 1.1 – Implement and Manage Complex Storage Solutions. Before you can provision, or manage, storage resources for a virtual machine, you first must know the virtual machine requirements, which includes, but is not limited to:   I/O workload – how many spindles are needed to satisfy the workload  o Space – how much space is needed Resiliency — how protected does the data need to be Looking at the above list you can look at the application requirements for the recommended amount of disk space. You can use tools such as vscsiStats orIOmeter to determine the workload characteristics and how many spindles you’ll need. Depending upon availability and resiliency requirements will determine RAID level, whether snapshots (array level) will be used, what level of backup and how often to backup and how long the data needs to remain in an off-site location o Once you’ve determined the virtual machine requirements you can start to provision and manage your storage based on those requirements. If you have a virtual machine that requires a certain level of service or, say it needs to be on super fast storage, you can leverage a few vSphere features to help you accomplish that goal  Profile Driven Storage – again, I covered this in Objective 1.1 on how to configure and implement profile driven storage. You can create a profile based on a virtual machine(s) requirement, such as fast disks, and assign that storage capability to one or more datastores. You can then create a storage profile and apply it to the virtual machine. Whenever that particular virtual machine is on a datastore that doesn’t meet that storage profile, it will be marked non-compliant  Datastore Cluster – you can group similar datastores into a construct known as a datastore cluster. This allows you to assign virtual machines to that datastore cluster, and, in conjunction with Storage DRS, the virtual machine will be placed on the least used datastore (in terms of I/O and space utilization) o You can provision storage for a virtual machine in a few different ways:   o Adding a new disk through the vSphere Client vmkfstools Adding storage to a virtual machine through the vSphere client is pretty straight forward so lets go through how you would create an empty virtual disk usingvmkfstools 1 2 3 # the -c parameter specifies you want to create a new virtual disk and then you specif # the -d parameter specifies the disk format; zeroedthick, thin and eagerzeroedthick ( # the -a specifies the adapter type; buslogic, lsilogic, ide (default is buslogic)
  42. 42. 4 5 6 7 8 # here we will create a 10GB thin disk named vcap5.vmdk with the default buslogic adap # in a virtual machine folder named ESXi Template vmkfstools -c 10G -d thin '/vmfs/volumes/vlabs-px300_iscsi_vmfs02/ESXi Template/vcap5.  Above you can see that the command was successful and that thevcap5flat.vmdk and vcap5.vmdk files were created  Understand the interactions between virtual storage provisioning and physical storage provisioning o The virtual provisioning of physical storage can add benefit to your organization as long as you understand the implications of what you are doing. Virtual storage provisioning allows you to over-commit your storage resources as needed o If I had to pick one construct to understand when it comes to the interaction between virtual storage provisioning and physical storage provisioning it would be with Thin Provisioning. Thin provisioning allows you to create a virtual disk that is, for example, 40GB in size, but you’re actually only using 5GB. The guest operating system thinks its hard disk is physically 40GB, while the physical storage has only allocated 5GB  The biggest thing that you need to understand here is that by thin provisioning the actual size on the disk is less than what you’ve provisioned, which can get you into trouble if you aren’t paying attention to the physical storage  If you have a 100GB datastore, you can put 40 VMs with 5GB virtual hard disks that are thin provisioned. Even those those 40 VMs may only be using 2GB each, they have the potential to grow up to 5GBs, which at a certain point would cause you to physically run out of storage space; NOT GOOD!
  43. 43.  In the section above we went over created an empty virtual disk, and we created it as a thin disk. Since it is a thin disk,the provisioned size will be different from the actual size. Here is what you’ll see when looking in the datastore browser  As you can see the Size and Provisioned Size are much different.  The same exists when you have a datastore full of thin disks, the Capacity andProvisioned Space will differ. Let’s have a look (Go to the Datastores and Datastore Cluster view > click on a datastore on the left > click the Summarytab on the right)  The Capacity is 1.56 TB while the provisioned space is more than 1TB over the physical capacity. However, my physical free space is still ~600GB o The point I’m trying to get across is that you need to be intimately familiar with what your virtual storage environment is, and what it is doing, while keeping the physical storage in mind o If you have a thinly provisioned virtual disk that you want/need to physically consume all of its provisioned space AFTER you have created it then you can Inflate the disk. This can be done within the datastore browser by right-clicking on the VMDK file and selecting Inflate. You can also do this from the command line; here is how 1 2 3 4 # this command will inflate a thin disk, thereby forcing it to consume its fully provi # on the physical storage array. Again we're using the vcap5.vmdk vmkfstools -j '/vmfs/volumes/vlabs-px300_iscsi_vmfs02/New Virtual Machine/vcap5.vmdk'  This operation can take quite a long time to complete depending on how much physical space needs to be zeroed out
  44. 44.  Now as you can see the Size shows what the Provisioned Size used to show, and now the Provisioned Size column is blank (which is expected as that field isn’t populated unless the virtual disk is thin)  Apply VMware storage best practices o This seems redundant as Objective 1.1 – Implement and Manage Complex Storage Solutions has a section called Apply VMware storage best practices, See the details in that post under the same heading  Configure Datastore Alarms o There are five pre-configured datastore alarms that ship with vSphere 5, see the below screen shot for their names and descriptions o Aside from the five datastore alarms you see above, there are a lot more triggers we can use to create alarms for the Datastore monitor and whether you choose to monitor for a specific condition/state or for a specific event  Log into the vSphere client and navigate to the Datastores and Datastore Cluster view  Click on a datastore from the listing on the left > click the Alarms tab > click theDefinitions button  Right-click anywhere under the pre-configured alarms and select New Alarm…  Enter in the following details:  Alarm Name: Datastore Over Provisiong Alarm
  45. 45.  Description: Alarm to monitor the provisioned space on the datastore  Alarm Type: Datastore  Choose Monitor for specific conditions or state…  Enable this alarm: Check this box  Click on the Triggers tab > click Add to add a new trigger  Enter in the following details:   Condition: Is above  Warning: 100  Alert: 200   Trigger Type: Datastore Disk Provisioned (%) Select the Trigger if any of the conditions are satisfied radial button Click the Reporting tab
  46. 46.  Choose if you want the alarm to repeat when the condition exceeds a certain range  Choose the frequency o Click the Actions tab > click Add to add an action o Enter in the following details  Action: Send a notification email  Configuration: josh.coen@valcolabs.com  You can choose when to perform this action based on the alarm transition state. By default this will perform the action one time when the alarm goes from warning to alert. Just leave the default o Click OK (you will get a warning message if your vCenter SMTP settings are not configured) o There are A LOT more triggers that relate to the Datastore monitor when you select the Monitor for specific events occurring… radial button. Here is a list:
  47. 47. o As you can see you have A LOT of options to choose from and you can use the instructions in the previous steps to create new alarms that can help you effectively monitor your datastores  Analyze Datastore Alarms and errors to determine space availability o Using datastore alarms and errors to determine your available space is pretty straight forward. The default alarm Datastore usage on disk is the perfect alarm to use, and it’s enabled by default o The Datastore usage on disk alarm is pre-configured to trigger a warning when its disk usage is over 75%. It will trigger an alert if it gets above 85%. Now again, these are the defaults for this alarm, you may want to edit the thresholds based on your organizations best practices as it relates to %free for storage o You can only edit alarms in the scope in which they are defined in. In this case, theDatastore usage on disk alarm is defined at the top level object, which is the vCenter object o I created an 8.6GB eagerzeroedthick virtual disk using vmkfstools on a datastore that had only 8.89GB free. 1 2 3 # for those interested, here is the command I used to create the virtual disk vmkfstools -c 8600mb -d eagerzeroedthick /vmfs/volumes/vmfs_vcap_masking/vcap5.vmdk o Once my view was updated (these are updated every 30 minutes) an alert was triggered
  48. 48. o Now if I was seeing this alert for the first time the first thing I would do is check the space availability of my datastore. If it was in fact close to being at capacity I would either allocate more space, delete unneeded virtual disks/files or perform a storage vMotion to another datastore that had more capacity  Configure Datastore Clusters o Configuring datastore clusters is an easy enough process, but it is a process and can only be created from the vSphere client (can’t create in vSphere Web Client)  Log into the vSphere client and navigate to the Datastores and Datastore Clusters view  Right-click on your datacenter object and select New Datastore Cluster…  Enter in a name for the datastore cluster and choose whether or not to enable Storage DRS  Click Next
  49. 49.  Choose either No Automation (Manual Mode) or Fully Automated  We aren’t adding any Advanced Options so click Next  Decide whether you want to enable the I/O metric for SDRS recommendations  Choose the thresholds you want SDRS recommendations to be triggered on    Utilized Space — default is 80% I/O Latency — default is 15ms Click the Show Advanced Options hyperlink to set the advanced options  Set the percentage for the minimum utilization difference between the source and destination datastore before SDRS will make a recommendation  Here is an example: If leave this at the default (5%), SDRS will not make a recommendation for a move unless the there is at least a 5% difference between the source datastore and the destination datastore in terms of utilization. So, the datastore first needs to exceed the utilization space threshold and then there needs to be at least 5% difference in terms of utilization before SDRS will make a recommendation  Set the frequency that SDRS should check for imbalances — default is 8 hours  Set the I/O imbalance threshold
  50. 50.  Click Next  Select which cluster(s) you want to use > click Next  Select which datastores you want as part of the datastore cluster  Best practice is to use datastores that have similar capabilities, that way application owners and users should never experience a degradation of service due to an applied SDRS recommendation  Click Next > click Finish Tools  vSphere Storage Guide  vSphere Command-Line Interface Concepts and Examples  vCenter Server and Host Management Guide  Product Documentation  vSphere Client / Web Client  vSphere CLI
  51. 51. VCAP5-DCA Objective 1.3 – Configure and Manage Complex Multipathing and PSA Plug-ins 282012 May For this objective I used the following documents:  Documents listed in the Tools section Objective 1.3 – Configure and Manage Complex Multipathing and PSA Plugin-ins Knowledge **ITEMS IN BOLD ARE TOPICS PULLED FROM THE BLUEPRINT**  Explain the Pluggable Storage Architecture (PSA) layout o The Pluggable Storage Architecture (PSA) is a framework that is use for handling multipathing in a VMware environment. The framework is modular so it allows third-party vendors to build their own multipathing plugins and put them directly inline with storage I/O. The PSA is a collection sits at the vmkernel layer and is essentially a collection of vmkernel APIs o (image from vSphere Storage Guide) The PSA consists of plug-ins and sub plug-ins and perform different functions  Multipathing Plug-in (MPP)  These are provided by third-party vendors. An example of of a MPP is EMCs PowerPath/VE. VMware’s Native Multipathing Plug-in is also a MPP  Native Multipathing Plug-in (NMP)  Path Selection Plug-in (PSP)  Determines which active path to use when issuing an I/O request to a storage device
  52. 52.  If the active path to a particular storage device fails, PSP will determine which path to use next to issue the I/O request  Third-party vendors can create and integrate PSPs that run alongside VMware’s PSPs  Storage Array Type Plug-ins (SATP)  Determines and monitors the physical path states to the storage array  Determines when a physical path has failed  Activates new physical paths when the active path(s) has failed  Perform any other necessary array specific actions required during a storage failover  Third-party vendors can create and integrate SATPs that run alongside VMware’s SATPs Skills and Abilities  Install and Configure PSA plug-ins o Third-party vendors can supply their own MPP, such as EMC PowerPath/VE, or they can supply sub-plugins for PSP or SATP that supplements VMware’s NMP. These plug-ins will come in the form of a bundle and can be installed the following ways:  VMware vSphere Update Manager  Connected directly to the host via SSH console (use the esxcli software vib install command)  Using the vSphere Management Assistant (vMA) using the esxcli software vib install command  1 If the new plugin is not automatically registered you can do so manually # check to see if the new plug-in is registered 2 3 esxcli storage core plugin registration list 4 5 # if it isn't register the new plugin. In this example the module name is 'vcap_satp_v 6 # the plug-in class is SATP and the plug-in name is 'VCAP_SATP_VA' 7 esxcli storage core plugin registration add -m vcap_satp_va -N SATP -P VCAP_SATP_VA 8 o If you need to set a new default PSP for a SATP use the following commands:
  53. 53. 1 # this commnad lists out the current SATPs and their associated default PSP 2 3 esxcli storage nmp satp list 4 5 # this command will change the default PSP. Here i'm changing the VMW_SATP_CX 6 # defualt PSP from VMW_PSP_MRU to VMW_PSP_RR 7 esxcli storage nmp satp set -s VMW_SATP_CX -P VMW_PSP_RR 8 o Any devices that are currently using the SATP that you just changed will need to have all of their paths unclaimed and reclaimed. If you want to perform these operations via esxcli you will have to stop all I/O going to these devices, which usually isn’t a possibility. In this case you must reboot the host(s) in order for the new PSP to take effect o When you load a third-party SATP into NMP you are doing so in order to use the new SATP with a particular device. Here are the commands to run in order to claim a device under a different SATP – in this example I’m going to change the default SATP for a particular device to another SATP. When you install a third-party SATP the claim rule will most likely be specific to a class of devices and not a device ID, which is what I’m doing here. 1 # create a new claim rule for a device using the VMW_SATP_CX plugin 2 3 esxcli storage nmp satp rule add -s VMW_SATP_CX -d naa.5000144f60f4627a 4 # list the SATP claim rules to ensure it was added 5 6 esxcli storage nmp satp rule list -s VMW_SATP_CX 7  Understand different multipathing policy functionalities o I understand “multipathing policy functionalities” to be the Path Selection Plug-ins, or PSP. If someone has any comments what else this might be referring to, please let me know! VMware KB 1011340 also refers to PSPs as multipathing policies o By default there are three PSP’s that ship with vSphere  VMW_PSP_MRU
  54. 54.  The host will use the pat that is most recently used (MRU). When a path fails and another one is activated, the host will continue to use this new active path even when the original path comes back up.    Default for active/passive arrays Default for ALUA devices VMW_PSP_FIXED  The host will use a fixed path that is either, set as the preferred path by the administrator, or is the first path discovered by the host during the boot process   Default for active/active arrays VMW_PSP_RR  The host will use all active paths in a round robin (RR) fashion. It uses an algorithm to iterate through all active paths. The default number of I/Os that are issued to a particular path is 1000 before moving on to the next active/available path   No default array types are listed for this PSP Perform command line configuration of multipathing options o There are a multitude of multipathing options that can be changed using the command line. Some can be changed in the GUI as well, but other settings must be changed via command line o In the Install and Configuring PSA Plug-ins I covered how to change the default PSP for a particular SATP, so I won’t go over that again here o 1 Changing the PSP on a particular device # list details of the device you want to change, including the PSP 2 3 esxcli storage nmp device list -d naa.5000144fd4b74168 4 5 # this command will change the PSP for a particular device 6 # in this example I'm changing the PSP to VMW_PSP_FIXED 7 8 esxcli storage nmp device set -d naa.5000144fd4b74168 -P VMW_PSP_FIXED
  55. 55. o You can view device configurations for individual devices based on their assigned PSP. The following commands will view the device configurations for devices assigned the RR and Fixed PSPs. There will also be a command that lists the generic device configuration regardless of its assigned PSP 1 # list device configuration details for a device configured for VMW_PSP_FIXED 2 3 esxcli storage nmp psp fixed deviceconfig get -d naa.5000144ff548121b 4 5 # list the generic device configuration details for any device 6 esxcli storage nmp psp generic deviceconfig get -d naa.5000144fd4b74168 7 8 # list the device configuration details for a device configured for VMW_PSP_RR 9 10 esxcli storage nmp psp roundrobin deviceconfig get -d naa.5000144fd4b74168 11 o You can also set different parameters for PSP with esxcli. The following commands will set the preferred path on a device using VMW_PSP_FIXED and customize different parameters for a device using VMW_PSP_RR 1 2 3 # this command will set the preferred path on a device using the VMW_PSP_FIXED plug-i # use -E will set it back to the default # use -d to specify the device # use -p to specify the path 4 5 esxcli storage nmp psp fixed deviceconfig set -d naa.5000144ff548121b -p vmhba35:C1:T 6 7 # run this command to see the preferred path has changed 8 9 10 11 esxcli storage nmp psp fixed deviceconfig get -d naa.5000144ff548121b
  56. 56. 12 13 # these commands allow you to customize a device using the VMW_PSP_RR plug-in 14 # use -d to specify the device # use -B to set the byte limit. This will only change if you specify the 'type' as 'b 15 # use -I to set the iops limit. This will only change if you specify the 'type' as 'i 16 # use -t to set the type of round robin path switching. Accpeted values are 'bytes', 17 # use -U to allow round robin to use an active non-optimized path 18 19 # in this command we are changing the IOPs limit from its default of 1000 20 # to 2500. Remember you must use the -t parameter to specify 'iops' or the value will 21 22 esxcli storage nmp psp roundrobin deviceconfig set -d naa.5000144fd4b74168 -I 2500 -t 23 24 # run this command to see that the IOOperation Limit has changed to 2500 25 esxcli storage nmp psp roundrobin deviceconfig get -d naa.5000144fd4b74168 26 27 # run this command to set the device back to the VMW_PSP_RR default 28 29 esxcli storage nmp psp roundrobin deviceconfig set -d naa.5000144fd4b74168 -t default 30 31 32 o You can also make changes to a device configuration using the generic option. Here is an example of changing a device that is using the VMW_PSP_RR plug-in 1 # use this command to list the current device configuration 2 3 esxcli storage nmp psp generic deviceconfig get -d naa.5000144fd4b74168 4 5 # here is what was returned 6 # '{policy=rr,iops=1000,bytes=10485760,useANO=0;lastPathIndex=0: NumIOsPending=0,numB
  57. 57. 7 8 # use -d to specify the device 9 # use -c for the configuration # you can make changes to the individual parameters by name. If you want to change th 10 # then use the '-P iops=#' 11 # unlike the previous command where you had to specify a 'type' in order to get the ' 12 # to change, you do NOT have to specify that here 13 14 # changing the 'iops' to 5000 15 16 17 esxcli storage nmp psp generic deviceconfig set -d naa.5000144fd4b74168 -c 'iops=5000 18 o As you can see there are a lot of different things you can change with esxcli and multipathing configuration. Here is a video of performing some of these configurations  Change a multipath policy o You can change the multipathing policy a either in the GUI or via the command-line. I covered the command-line method in the previous section, Perform command line configuration of multipathing options, so I won’t go over here again. Here is how you change the multipath policy in the GUI  Log into the vSphere client > select a host that is connected to the device you want to change the multipathing policy for  Click the Configuration tab > click the Storage hyperlink  Right-click the datastore you in which you want to modify the multipathing policy for > click Properties…  Click the Manage Paths… button
  58. 58.  From the Path Selection: drop-down select the multipathing policy you want to change it to  Click Change << this is important, if you click the Close button without first clicking Change then the multipathing policy will not be changed    Click Close (MAKE SURE YOU CLICKED CHANGE FIRST) Click Close to exit the datastore properties Configure Software iSCSI port binding
  59. 59. o Prior to vSphere 5 software iSCSI port binding could only be configured via the CLI. With the release of vSphere 5, VMware has made all of our lives easier and added this to the GUI (in the properties of the iSCSI software initiator) o Before you begin the port binding process you need to have created 1:1 mappings of vmkernel adapters:physical adapters. This way, we can bind a single vmkernel adapter to a single physical adapter, enabling multipathing. Ensure these steps have been completed:  Created as many virtual switches or port groups as the number of physical adapters you will be using for iSCSI  You’ve created a vmkernel adapter for each vswitch or port group  You changed the NIC Teaming on each vswitch or port group to reflect on one active adapter and no standbys  o the iSCSI software adapter is enabled and has its targets configured Once you have this done you need to configure port binding. Let’s go through how to do it in the GUI first  Log into the vSphere client > select the host for which you are configuring iSCSI port binding on  Click the Configuration tab on the right > click the Storage Adapters hyperlink  Select the iSCSI software initiator > click the Properties… hyperlink  Select the Network Configuration tab > click the Add button  Select the vswitch or port group that corresponds with they vmkernel adapter and physical adapter that you have setup for iSCSI
  60. 60.   1 Ensure that the Port Group Policy is appears as Compliant  o Click OK Click Close > click Yes to perform a rescan Now lets do the iSCSI port binding using esxcli # we are binding the iscsi adapter (vmhba35) with vmk1, which has a 1:1 mapping with v 2 3 esxcli iscsi networkportal add -A vmhba35 -n vmk1 4 5 # run this command to verify the binding
  61. 61. 6 7 esxcli iscsi networkportal list  Here is the result of the list command, as you can see, vmhba35 and vmk1 are bound Tools  vSphere Installation and Setup Guide  vSphere Storage Guide  vSphere Command-Line Interface Concepts and Examples  Product Documentation  vSphere Client  vSphere CLI
  62. 62. VCAP-DCA 5 Objective 2.1–Implement & Manage Complex Virtual Networks Objective 2.1 – Implement & Manage Complex Virtual Networks For this objective I used the following resources:  vCenter Server and Host Management guide  vSphere Networking guide  VMware White Paper – VMware vNetwork Distributed Switch: Migration and Configuration  VMware KB Article 1008065  VMware VROOM! Blog  Eric Sloof’s blog  Jason Boche’s blog Knowledge Identify Common Virtual Switch Configurations Focus around VMware best practices for virtual switches  Use multiple physical uplinks per vSwitch  Separate network traffic from VMkernel ports and VM traffic (VLANs, dedicated pNICs)  Select the appropriate Load Balancing policy for your configuration  Dedicated vSwitch for IP based storage (iSCSI, NFS)  Secure network for Management Network traffic Skills and Abilities Configure SNMP  Configuring SNMP on vCenter Server 1. Select Administration -> vCenter Server Settingsto display the vCenter Server Settings dialog box 2. In the settings list, select SNMP 3. In Receiver URL, enter the host name or IP address of the SNMP receiver 4. In the field next to the Receiver URL field, enter the port number of the receiver Note – The port number must be a value between 1 and 65535 5. In Community, enter the community identifier
  63. 63. 6. Click OK For further information see page 37 of the vCenter Server and Host Management guide  Configuring SNMP on an ESXi host SNMP can be configured either via vSphere CLI or using the VMware vMA with the vicfgsnmp command. I will be outlining the process via the vicfg-snmp command.  Specify the communities and trap targets # vicfg-snmp –t <target hostname>@<port>/<community>  Enable the SNMP service # vicfg-snmp –E  Send a test trap to verify that the agent is configure correctly # vicfg-snmp –T Eric Sloof (blog / twitter) has put together a great video going into greater detail of the above steps. Video located HERE. Determine Use Cases For and Apply VMware DirectPath I/O Josh Coen (blog / twitter) has already covered this top in Objective 1.1 located HERE. Migrate a vSS Network to a Hybrid or Full vDS Solution Migration from a vNetwork standard Switch only environment to one featuring one or more vNetwork Distributed Switches can be accomplished in either of two ways:  Using only the vDS User Interface (vDS UI)  Using a combination of the vDS UI and Host Profiles Table of Migration Methods
  64. 64. Migration Process Work Flow Host Migration with some Disruption to VMs – The process outlined in Step 3 above includes two sub-steps:  Migration of vmnics and virtual ports (VMkernel ports and Service Consoles) can be migrated in a single step from vCenter Server  Migration of VM Networking where the VMs are migrated from vSS Port Groups to vDS DV Port Groups If all vmnics are migrated in the first step above then all VMs will lose network connectivity until the following step is completed. Host Migration without Disruption to VMs– If you need completely non-disruptive migration for VMs while deploying vDS, then a phased vmnic migration is required. The objective of a phased migration of vmnics is to maintain concurrent network connectivity over both vSS and vDS switches so that VM migration from vSS Port Groups to vDS DV Port Groups can proceed without interruption to network sessions. Step 3 of the non-disruptive process based on the above flow chart is as follows  Add host to vDS  Migrate one vmnic from the NIC team supporting VM networking from vSS to vDS dvUplink  Migrate VM networking from vSS Port Groups to vDS DV Port Groups  Migrate remaining vmnics and virtual ports (vmkernel and Service Consoles) to vDS
  65. 65. Source: VMware White Paper – VMware vNetwork Distributed Switch: Migration and Configuration Configure vSS and vDS Settings Using Command Line Tools Analyze Command Line Output to Identify vSS and vDS Configuration Details I am grouping both of these topics together as you will utilize most of the same commands to either configure or gain insight on how a vSS or vDS is configured. Also of note, the esxcfg-* commands are still available however learn and study the new esxcli commands as well. Several commands can be used to configure vSwitches  esxcfg-vswitch – Examine and configure virtual switches  esxcfg-vswif – Examine and configure service console ports  esxcfg-vmknic – Examine and configure VMkernel ports  esxcfg-route – Examine and configure routing  esxcli network namespace o ip namespace – Commands to create/configure vmk nics o vswitch namespace – Command to manipulate virtual switches o nic namespace – Configuration of physical interfaces Configure Netflow 1. Log in to the vSphere Client and select the Networkinginventory view 2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings 3. Navigate to the NetFlowtab 4. Type the IP address and Portof the NetFlow collector 5. Type the VDS IP address 6. (Optional) Use the up and down menu arrow to set the Sampling rate. 7. (Optional) Select Process internal flows onlyto collect data only on network activity between virtual machines on the same host 8. Click OK For further reading see page 70 of the vSphere Networking guide as well as THIS post on the VMware Networking blog Eric Sloof again has a great video to guide you through the above steps located HERE. Determine Appropriate Discovery Protocol Switch discovery protocols allows vSphere administrators to determine which switch port is connected to a given vSphere standard switch (CDP only) or vSphere distributed switch (both CDP and LLDP).
  66. 66.  1. Enable Cisco Discovery Protocol on a vDS Log in to the vSphere Client and select the Networkinginventory view 2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings 3. On the Properties tab, select Advanced 4. Select Enabledfrom the Status drop-down menu 5. Select Cisco Discovery Protocol from the Typedrop-down menu 6. Select the CDP mode from the Operation drop-down menu Description Option Listen ESXi detects and displays information about the associated Cisco switch port, but information about the vSphere distributed switch is not available to the Cisco switch administrator ESXi makes information about the vSphere distributed switch available to the Cisco switch administrator, Advertise but does not detect and display information about the Cisco switch Both ESXi detects and displays information about the associated Cisco switch and makes information about the vSphere distributed switch available to the Cisco switch administrator 7. Click OK  Enable Link Layer Discovery Protocol on a vDS 1. Log in to the vSphere Client and select the Networkinginventory view 2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings 3. On the Properties tab, select Advanced 4. Select Enabledfrom the Status drop-down menu 5. Select Link Layer Protocol from the Typedrop-down menu 6. Select the LLDP mode from the Operation drop-down menu Description Option Listen ESXi detects and displays information about the associated physical switch port, but information about the vSphere distributed switch is not available to the switch administrator ESXi makes information about the vSphere distributed switch available to the physical switch Advertise administrator, but does not detect and display information about the physical switch Both ESXi detects and displays information about the associated physical switch and makes information about the vSphere distributed switch available to the switch administrator 7. Click OK For further reading see page 70 of the vSphere Networking guide. Jason Boche (blog / twitter) has also written two blog posts covering the use of CDP and LLDP. They can be found HERE and HERE.
  67. 67. VCAP-DCA 5 Objective 2.2 – Configure & Maintain VLANs, PVLANs, & VLAN Settings Objective 2.2 – Configure & Maintain VLANs, PVLANs, & VLAN Settings For this objective I used the following resources  VMware KB Article 1010691  VMware KB Article 1004048  VMware KB Article 1010703  Chris Wahl’s blog  IT Cookbook blog Knowledge Identify types of VLANs and PVLANs  A VLAN (virtual lan) is a grouping of hosts that are able to communicate in the same broadcast domain even though they may not be physically plugged into the same network device  VLAN Trunking is the ability to pass multiple VLAN traffic (thus sharing) through a singular physical network connection  Private VLANs allow you to isolate traffic between virtual machines in the same isolated VLAN. These isolated PVLANs are referred to as the primary VLAN divided into secondary VLANs. PVLANs are only configurable in ESX on vDS. There are three types of secondary PVLAN: 1. Promiscuous – VM’s are reachable by and can reach any machine in the same primary VLAN 2. Isolated – Vm’s can talk to no virtual machines except those in the promiscuous PVLAN 3. Community – VM’s can talk to each other and to the VMs in the promiscuous PVLAN, but not to any other VM See VMware KB Article 1010691 “Private VLAN (PVLAN) on vNetwork Distributed Switch – Concept Overview” for additional reading. Skills and Abilities Determine use cases for and configure VLAN Trunking Use case for using VLAN trunking would be if you have multiple VLANs in place for logical separation or to isolate your VM traffic but you have a limited amount of physical uplink ports dedicated for your ESXi hosts. For example:
  68. 68. In the above example four port groups are created and are “tagged” with the required VLAN id’s that are used. Each of the vmnics is bonded together in an EtherChannel(completed on the physical Cisco switch) and is configured to “trunk” the various VLANs. On the ESXi switch side the NIC Teaming Load Balancing Policy will need to be set to Route based on IP hash. Note – this is just an example, you do not have to/need to use EtherChannel/Link aggregation to use VLAN trunking. For additional reading on configuring and using EtherChannel or Link Aggregation seeVMware KB Article 1004048 “Sample Configuration of EtherChannel/Link aggregation with ESX/ESXi and Cisco/HP swtiches” Chris Wahl (blog / twitter) has also has an excellent blog article outlining the use of Trunks and Portgroups with vSphere. Article found HERE. Determine use cases for and configure PVLANs Private VLANs provide additional security between virtual machines on the same subnet without exhausting VLAN number space. PVLANs are particularly useful on a DMZ where the server needs to be available to external connections and possibly internal connections, but rarely needs to communicate with other servers on the DMZ. This may be more easily explained with a picture:
  69. 69. (Graphic supplied by IT Cookbook – real world experience) Configuring a PVLAN is completed as follows 1. In vCenter, go to Home -> Inventory -> Networking 2. Click Edit Settings on the desired dvSwitch 3. Choose the Private VLAN tab 4. On the Primary tab, add the VLAN that is used outside the PVLAN domain. Enter a private LAN ID and/or choose one from the list 5. On the Secondary Tab, create the PVLANs of the desired type (see definitions above). Enter a VLAN ID in the VLAN ID field 6. Select the Type for the Secondary VLAN ID 7. Click Ok To set the PVLAN in the dvPortGroup 1. Highlight dvPortGroup and click Edit Settings 2. Click General -> VLAN -> Policies 3. Using the dropdown, set the VLAN type to Private 4. Select VLAN from the Private VLAN Entry dropdown Above procedure was taken from VMware KB Article 1010703 ”Configuration of Private VLAN (PVLAN) on vNetwork Distributed Switch” Again, Chris Whal has a great article covering the use of Private VLANs (PVLANs) in vSphere. Article is located HERE. Use command line tools to troubleshoot and identify VLAN configurations See section “Configure vSS and vDS Settings Using Command Line Tools” in Objective 2.1 located HERE.
  70. 70. Additional Resources To further “pimp out” Chris Wahl, he recently covered all of Section 2 objectives on the ProfessionalVMware Brownbag series. Available HERE on iTunes (release date is 9 5 12).
  71. 71. VCAP-DCA 5 Objective 2.3 – Deploy & Maintain Scalable Virtual Networking Objective 2.3 – Deploy & Maintain Scalable Virtual Networking For this objective I used the following resources:  vSphere Networking Documentation  VMware Virtual Networking Concepts Whitepaper  VMware KB Article 1006558  VMware KB Article 1006778  VMware KB Article 1005577  VMware KB Article 1002722  VMware KB Article 1004088  VMware KB Article 1004048  VMware KB Article 1001938 Knowledge Identify VMware NIC Teaming Polices  Load Balancing – Determines how OUTGOING traffic is distributed among the network adapters assigned to a vSwitch. Four options are available: 1. Route based on the originating port ID (Default) - Choose an uplink based on the virtual port where the traffic entered the virtual switch 2. Route based on IP Hash - Choose an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets, whatever is at those offsets is used to compute the hash (See VMware KB Article 1001938 “ESX/ESXi host requirements for link aggregation” for further reading) 3. Route based on source MAC Hash – Choose an uplink based on a hash of the source Ethernet 4. Use explicit failover order – Always use the highest order uplink from the list of Active adapters which passes failover detection criteria  Network Failover Detection – Controls the link status and beacon probing. Beaconing is not supported with guest VLAN tagging. Two options for use: 1. Link Status Only – Relies solely on the link status that the network adapter provides. This option detects failures, such as cable pulls and physical switch power failures, but not configuration errors, such as a physical switch port being blocked by spanning tree or that is misconfigured to the wrong VLAN or cable pulls on the other side of a physical switch.

×